How to restart OpenVPN in a script?



  • I have an OpenVPN client that I leave connected 24/7, and every week or so the connection drops and doesn't reconnect automatically. I can easily get reconnected by going to Status > OpenVPN and clicking on the restart OpenVPN service icon. I would like to write a script to check the connection every 5 minutes, and if it's down, restart OpenVPN.

    Can someone tell me if it's possible to restart the OpenVPN service for a script?

    Any hints/suggestions would be much appreciated.



  • I am using all kinds of OpenVPN connections and I never have to restart them manually. They typically run for months and automatically reconnect after a couple of seconds for all kinds of interruptions. There are OpenVPN settings related to that, but you haven't published your settings.

    It may also make sense to increase the verbosity level and check whether there are any entries related to your problem.



  • @jsphgttgns said in How to restart OpenVPN in a script?:

    I am using all kinds of OpenVPN connections and I never have to restart them manually. They typically run for months and automatically reconnect after a couple of seconds for all kinds of interruptions. There are OpenVPN settings related to that, but you haven't published your settings.

    It may also make sense to increase the verbosity level and check whether there are any entries related to your problem.

    Thanks for the reply. I've uploaded the settings that I used. The problem that I'm having is with Private Internet Access. I added some "Custom Settings" that I found in a forum that "more or less solved the problem" (drops occasionally - once every few weeks).

    0_1528055386238_OpenVPN_Clients_Settings.png

    If you have any idea as to what settings I should change, that would be most appreciated. Thankfully the connection doesn't drop very often, so it will no doubt take quite some time to know if I have been successful in finding the correct answer.



  • I think your "Custom options" are mostly superfluous. Just set up a test tunnel without the parameters and export the settings to study the default options.

    auth-nocache is more or less cosmetics and reneg-sec 0 may also not do a lot as the server might enforce the renogatiation.

    I'd setup a default tunnel without extra options and evaluate the log file. I also don't see why you need net30.



  • playback svc restart openvpn client 1
    
    0) Logout (SSH only)                  9) pfTop
     1) Assign Interfaces                 10) Filter Logs
     2) Set interface(s) IP address       11) Restart webConfigurator
     3) Reset webConfigurator password    12) PHP shell + pfSense tools
     4) Reset to factory defaults         13) Update from console
     5) Reboot system                     14) Disable Secure Shell (sshd)
     6) Halt system                       15) Restore recent configuration
     7) Ping host                         16) Restart PHP-FPM
     8) Shell
      
    
    Enter an option: 12
    
    
    Starting the pfSense developer shell....
    
    Welcome to the pfSense developer shell
    
    Type "help" to show common usage scenarios.
    
    Available playback commands:
         changepassword checkopenvpn_status disablecarp disablecarpmaint disabledhcpd disablereferercheck enableallowallwan enablecarp enablecarpmaint enablesshd externalconfiglocator generateguicert gitsync installpkg listpkg removepkgconfig removeshaper resetwebgui restartdhcpd restartipsec svc tmp2 uninstallpkg 
    
    pfSense shell: playback svc restart openvpn client 1
    
    Playback of file svc started.
    
    Attempting to issue restart to openvpn service...
    
    openvpn has been restarted.
    pfSense shell: 
    
    


  • @heper said in How to restart OpenVPN in a script?:

    playback svc restart openvpn client 1
    
    0) Logout (SSH only)                  9) pfTop
     1) Assign Interfaces                 10) Filter Logs
     2) Set interface(s) IP address       11) Restart webConfigurator
     3) Reset webConfigurator password    12) PHP shell + pfSense tools
     4) Reset to factory defaults         13) Update from console
     5) Reboot system                     14) Disable Secure Shell (sshd)
     6) Halt system                       15) Restore recent configuration
     7) Ping host                         16) Restart PHP-FPM
     8) Shell
      
    
    Enter an option: 12
    
    
    Starting the pfSense developer shell....
    
    Welcome to the pfSense developer shell
    
    Type "help" to show common usage scenarios.
    
    Available playback commands:
         changepassword checkopenvpn_status disablecarp disablecarpmaint disabledhcpd disablereferercheck enableallowallwan enablecarp enablecarpmaint enablesshd externalconfiglocator generateguicert gitsync installpkg listpkg removepkgconfig removeshaper resetwebgui restartdhcpd restartipsec svc tmp2 uninstallpkg 
    
    pfSense shell: playback svc restart openvpn client 1
    
    Playback of file svc started.
    
    Attempting to issue restart to openvpn service...
    
    openvpn has been restarted.
    pfSense shell: 
    
    

    Thanks very much for this! That's what I want to accomplish.

    I'm a bit of a noob, so I need a bit of context. How can I wrap that command for use on a bash shell?

    I'm assuming I need a small php script or is it possible to run the built in shell from the command line and pipe this command to it?



  • @guardian
    More info here:https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell

    Not at pc atm, so can't provide a ready to use example

    [root@pfsense.lan]/root: pfSsh.php playback svc restart openvpn client 1
    
    Starting the pfSense developer shell....
    
    Attempting to issue restart to openvpn service...
    
    openvpn has been restarted.
    [root@pfsense.lan]/root: 
    
    


  • @heper said in How to restart OpenVPN in a script?:

    @guardian
    More info here:https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell

    Not at pc atm, so can't provide a ready to use example

    [root@pfsense.lan]/root: pfSsh.php playback svc restart openvpn client 1
    
    Starting the pfSense developer shell....
    
    Attempting to issue restart to openvpn service...
    
    openvpn has been restarted.
    [root@pfsense.lan]/root: 
    
    

    The problem with a lot of documentation is often lack of context. If you sort of know, but just need a reminder it's great, but if you don't know and don't have a lot of background it can be very frustrating.

    Thanks so much for going the extra mile on this, that's exactly what I need. I really appreciate it.